Internal Audit, Technology Risk & Cybersecurity Auditor, Associate, Warsaw
In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm's compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We're looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm's operations and control processes.
RESPONSIBILITIES AND QUALIFICATIONS
BUSINESS UNIT OVERVIEW
The primary role of Internal Audit is to help protect the assets, reputation and sustainability of the organisation. Internal Audit independently assesses the firm's internal control structure. We provide assurance that financial reporting is reliable, that there is compliance with applicable laws and regulations and that the firm's operations are effectively controlled. We assist management in identifying risk and commercially managing risk by providing advice in developing control solutions and monitoring the implementation of management's control measures. IA assists the firm's Board of Directors Audit Committee in fulfilling its oversight responsibilities and regularly interacts with the external independent auditors. Internal Audit is organised into global teams of business and technology auditors:
- Securities - covers the Firm's Sales, Trading and Insurance businesses; including related supporting control functions such as Operations, Technology, Product Control and Divisional Compliance.
- Investment Banking - covers the firm's banking activities and Global Investment Research operations.
- Investment Management - covers the firm's Private Wealth Management, Asset Management and Merchant Banking businesses.
- Corporate - covers the firm's Risk Management, Finance, Corporate Governance, Legal, Compliance and Regulatory Reporting areas as well as Human Capital Management, Services and the Executive Office.
- Core Engineering - covers the firm's core platforms, technology infrastructure and software development lifecycle groups
- Technology Risk & Cybersecurity - covers firm-wide technology risk, including information and cyber security, business resilience, governance and vendor technology risk management
For each assigned review you will report to an experienced project manager. You will be expected to:
- Assist / Lead the risk assessment, scoping and planning of a review.
- Assist / Lead in executing the review. Specifically focusing on the following:
- Design and execute tests to validate identified application system controls, which may require data analysis, code inspection and re-performance of system processes.
- Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.
- Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
- Validate that system features meet business, technology and regulatory requirements.
- Validate the quality of internal SOX assessments.
- Document the results of the test steps executed within the IA automated document project repository.
- Assist/Lead in the report preparation
- Assist/Lead in presenting the scope, progress and results of the review to internal, technology and business stakeholders.
- Minimum 3 years work experience, with 1 year minimum auditing experience
- Possess a degree in Computer Science or Engineering or equivalent
- Technology audit skills including:
- Understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commands
- Cloud computing concepts, technologies, risks and mitigating controls
- Internet infrastructure design and installation and support of network devices and firewalls
- Database design, setup and administration (DBA) experience with Sybase, Oracle, or UDB
- Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
- Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)
- Business continuity planning and disaster recovery design and implementation
- Software development lifecycle
- Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
- Relevant technology standards and regulations - ISO 27001, Data Privacy, FFIEC IT handbooks etc.
- Data and log analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required
- Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required
- Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm
- Written and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management
- Must be able to multitask while managing both time and work load
- Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
ABOUT GOLDMAN SACHS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
© The Goldman Sachs Group, Inc., 2019. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.
Back to top